package com.baipiao.permission.backend.config.security;

import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.stereotype.Component;

import java.util.Collection;

/**
 * @Description: FilterInvocationSecurityMetadataSource（权限资源过滤器接口）继承了
 *               SecurityMetadataSource（权限资源接口） Spring
 *               Security是通过SecurityMetadataSource来加载访问时所需要的具体权限；Metadata是元数据的意思。
 *               自定义权限资源过滤器，实现动态的权限验证 它的主要责任就是当访问一个url时，返回这个url所需要的访问权限
 **/
@Component
public class CustomFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {

	@Override
	public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
		// 获取请求地址
		String requestUrl = ((FilterInvocation) object).getRequestUrl();
		return SecurityConfig.createList(requestUrl);
	}

	@Override
	public Collection<ConfigAttribute> getAllConfigAttributes() {
		return null;
	}

	@Override
	public boolean supports(Class<?> clazz) {
		return true;
	}

}
